Last updated on August 26th, 2024 at 06:24 am
In today’s world, it is important to protect your website from malicious attackers and bots. For this purpose, it is essential to install an advanced and customizable firewall application. There are several firewalls available in the market – free and paid ones. Among them, Modsecurity is a popular one. Modsecurity protects websites from malicious attacks and security threats. In this article, we will learn how to install and configure modsecurity in NGINX.
What is Modsecurity
Modsecurity is an open-source firewall system initially created for Apache web server and later on adapted for Microsoft IIS and NGINX. It is robust and mature, with a vast user community. It offers several key features such as SQL Injection, Cross Site Scripting, and response filtering capabilities. It also provides real-time monitoring, logging and filtering of requests. It can be deployed as a standalone software or embedded within another application. It is mainly used monitor and manage HTTP and HTTPS traffic to websites and applications.
How to install modsecurity in NGINX
Here are the steps to install and setup modsecurity in NGINX. Please note, if you need to install modsecurity, you need to compile it with NGINX source code.
1. Install Prerequisites
Open terminal and run the following command to install prerequisites for modsecurity
CentOS/Redhat
# yum groupinstall -y "Development Tools"
# yum install -y httpd httpd-devel pcre pcre-devel libxml2 libxml2-devel curl curl-devel openssl openssl-devel
Debian/Ubuntu
$ sudo apt-get install -y git build-essential libpcre3 libpcre3-dev libssl-dev libtool autoconf apache2-dev libxml2-dev libcurl4-openssl-dev automake pkgconf
Bonus Read : How to Enable NGINX status page
2. Download NGINX and Modsecurity
Download NGINX and modsecurity with following commands. Update the NGINX version as per your requirement
$ wget http://nginx.org/download/nginx-1.21.4.tar.gz
$ gunzip -c nginx-1.21.4.tar.gz | tar xvf –
You will see a new folder nginx-1.21.4 created.
We also need to download and install NGINX connector which communicates between NGINX and modsecurity.
$ git clone https://github.com/SpiderLabs/ModSecurity-nginx
Run the following command to download modsecurity.
$ git clone --depth 100 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
$ cd ModSecurity
$ git submodule init
$ git submodule update
Bonus Read : How to Install Varnish in NGINX
3. Install NGINX with Modsecurity
Run the following commands to compile and install modsecurity library
$ sh build.sh
./configure
$ make
$ make install
Run the following commands to compile and install NGINX with modsecurity.
$ cd nginx-1.21.4
$ ./configure --with-compat --with-openssl=/usr/include/openssl/ --add-dynamic-module=/usr/local/src/cpg/ModSecurity-nginx
$ make modules
$ cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/
This will install NGINX with modsecurity.
Bonus Read : Step by Step NGINX SSL configuration
4. Configure modsecurity
We need to load ModSecurity as an NGINX module. For this purpose, create or open file /etc/nginx/modules-enabled/50-mod-http-modsecurity.conf and add the following line to it.
load_module modules/ngx_http_modsecurity_module.so;
Save and close the file.
Open NGINX configuration file.
$ sudo vi /etc/nginx/nginx.conf
Add the following line to it.
include /etc/nginx/cpguard_waf_load.conf;
Open file /etc/nginx/cpguard_waf_load.conf. Add the following line to it.
modsecurity on;
modsecurity_rules_file /etc/nginx/nginx-modsecurity.conf;
Open the file /etc/nginx/nginx-modsecurity.conf.
SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
SecCollectionTimeout 600
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLog /var/log/nginx/modsec_audit.log
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# Include file for cPGuard WAF
Include /etc/nginx/cpguard_waf.conf
Save and close the file.
Bonus Read : How to Prevent Image Hotlinking in NGINX
5. Restart NGINX Server
Run the following command to check syntax of your updated config file.
$ sudo nginx -t
If there are no errors, run the following command to restart NGINX server.
$ sudo service nginx reload #debian/ubuntu
$ systemctl restart nginx #redhat/centos
Bonus Read : How to Harden NGINX Server
6. Verify Modsecurity Installation
Run the following command to verify modsecurity installation.
$ nginx -v
If modsecurity is successfully installed and enabled, you will see modsecurity mentioned in the output.
nginx version: nginx/1.21.4 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) configure arguments: --add-module=../modsecurity-2.9.1/nginx/modsecurity
That’s it! Hopefully, the above tutorial will help you install & configure modsecurity in NGINX.
Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it today!
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.